Az Policy Advertizer

Azure_Security_Benchmark_v3.0

PV-2

Azure_Security_Benchmark_v3.0_PV-2

Microsoft cloud security benchmark PV-2

Posture and Vulnerability Management

Audit and enforce secure configurations

Shared

**Security Principle:** Continuously monitor and alert when there is a deviation from the defined configuration baseline. Enforce the desired configuration according to the baseline configuration by denying the non-compliant configuration or deploy a configuration. **Azure Guidance:** Use Microsoft Defender for Cloud to configure Azure Policy to audit and enforce configurations of your Azure resources. Use Azure Monitor to create alerts when there is a configuration deviation detected on the resources. Use Azure Policy [deny] and [deploy if not exist] rule to enforce secure configuration across Azure resources. For resource configuration audit and enforcement not supported by Azure Policy, you may need to write your own scripts or use third-party tooling to implement the configuration audit and enforcement. **Implementation and additional context:** Understand Azure Policy effects: https://docs.microsoft.com/azure/governance/policy/concepts/effects Create and manage policies to enforce compliance: https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage Get compliance data of Azure resources: https://docs.microsoft.com/azure/governance/policy/how-to/get-compliance-data

n/a

C.04.7 - Evaluated

404 not found

n/a

CMMC_2.0_L2

CM.L2-3.4.1

CMMC_2.0_L2_CM.L2-3.4.1

404 not found

n/a

CMMC_2.0_L2

CM.L2-3.4.2

CMMC_2.0_L2_CM.L2-3.4.2

404 not found

n/a

CCC_03

CSA_v4.0.12_CCC_03

CSA Cloud Controls Matrix v4.0.12 CCC 03

Change Control and Configuration Management

Change Management Technology

Shared

n/a

Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced).

CCC_04

CSA_v4.0.12_CCC_04

CSA Cloud Controls Matrix v4.0.12 CCC 04

Change Control and Configuration Management

Unauthorized Change Protection

Shared

n/a

Restrict the unauthorized addition, removal, update, and management of organization assets.

CEK_03

CSA_v4.0.12_CEK_03

CSA Cloud Controls Matrix v4.0.12 CEK 03

Cryptography, Encryption & Key Management

Data Encryption

Shared

n/a

Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards.

IAM_07

CSA_v4.0.12_IAM_07

CSA Cloud Controls Matrix v4.0.12 IAM 07

Identity & Access Management

User Access Changes and Revocation

Shared

n/a

De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies.

IVS_07

CSA_v4.0.12_IVS_07

CSA Cloud Controls Matrix v4.0.12 IVS 07

Infrastructure & Virtualization Security

Migration to Cloud Environments

Shared

n/a

Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols.

TVM_04

CSA_v4.0.12_TVM_04

CSA Cloud Controls Matrix v4.0.12 TVM 04

Threat & Vulnerability Management

Detection Updates

Shared

n/a

Define, implement and evaluate processes, procedures and technical measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis.

TVM_07

CSA_v4.0.12_TVM_07

CSA Cloud Controls Matrix v4.0.12 TVM 07

Threat & Vulnerability Management

Vulnerability Identification

Shared

n/a

Define, implement and evaluate processes, procedures and technical measures for the detection of vulnerabilities on organizationally managed assets at least monthly.

Cyber_Essentials_v3.1

Cyber_Essentials_v3.1_1

Cyber Essentials v3.1 1

Cyber Essentials

Firewalls

Shared

n/a

Aim: to make sure that only secure and necessary network services can be accessed from the internet.

Cyber_Essentials_v3.1

Cyber_Essentials_v3.1_3

Cyber Essentials v3.1 3

Cyber Essentials

Security Update Management

Shared

n/a

Aim: ensure that devices and software are not vulnerable to known security issues for which fixes are available.

Cyber_Essentials_v3.1

Cyber_Essentials_v3.1_5

Cyber Essentials v3.1 5

Cyber Essentials

Malware protection

Shared

n/a

Aim: to restrict execution of known malware and untrusted software, from causing damage or accessing data.

EU_2555_(NIS2)_2022_11

EU 2022/2555 (NIS2) 2022 11

Requirements, technical capabilities and tasks of CSIRTs

Shared

n/a

Outlines the requirements, technical capabilities, and tasks of CSIRTs.

EU_2555_(NIS2)_2022_12

EU 2022/2555 (NIS2) 2022 12

Coordinated vulnerability disclosure and a European vulnerability database

Shared

n/a

Establishes a coordinated vulnerability disclosure process and a European vulnerability database.

EU_2555_(NIS2)_2022_21

EU 2022/2555 (NIS2) 2022 21

Cybersecurity risk-management measures

Shared

n/a

Requires essential and important entities to take appropriate measures to manage cybersecurity risks.

193

FBI_Criminal_Justice_Information_Services_v5.9.5_5

EU_2555_(NIS2)_2022_29

EU 2022/2555 (NIS2) 2022 29

Cybersecurity information-sharing arrangements

Shared

n/a

Allows entities to exchange relevant cybersecurity information on a voluntary basis.

.11

FBI_Criminal_Justice_Information_Services_v5.9.5_5.11

FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11

Policy and Implementation - Formal Audits

Policy Area 11: Formal Audits

Shared

Internal compliance checklists should be regularly kept updated with respect to applicable statutes, regulations, policies and on the basis of findings in audit.

Formal audits are conducted to ensure compliance with applicable statutes, regulations and policies.

FBI_Criminal_Justice_Information_Services_v5.9.5_5

FBI_Criminal_Justice_Information_Services_v5.9.5_5.7

404 not found

n/a

FedRAMP_High_R4

CM-6

FedRAMP_High_R4_CM-6

FedRAMP High CM-6

Configuration Management

Configuration Settings

Shared

n/a

The organization: a. Establishes and documents configuration settings for information technology products employed within the information system using [Assignment: organization-defined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; b. Implements the configuration settings; c. Identifies, documents, and approves any deviations from established configuration settings for [Assignment: organization-defined information system components] based on [Assignment: organization-defined operational requirements]; and d. Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures. Supplemental Guidance: Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the information system that affect the security posture and/or functionality of the system. Information technology products for which security- related configuration settings can be defined include, for example, mainframe computers, servers (e.g., database, electronic mail, authentication, web, proxy, file, domain name), workstations, input/output devices (e.g., scanners, copiers, and printers), network components (e.g., firewalls, routers, gateways, voice and data switches, wireless access points, network appliances, sensors), operating systems, middleware, and applications. Security-related parameters are those parameters impacting the security state of information systems including the parameters required to satisfy other security control requirements. Security-related parameters include, for example: (i) registry settings; (ii) account, file, directory permission settings; and (iii) settings for functions, ports, protocols, services, and remote connections. Organizations establish organization-wide configuration settings and subsequently derive specific settings for information systems. The established settings become part of the systems configuration baseline. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those information system components to meet operational requirements. Common secure configurations can be developed by a variety of organizations including, for example, information technology product developers, manufacturers, vendors, consortia, academia, industry, federal agencies, and other organizations in the public and private sectors. Common secure configurations include the United States Government Configuration Baseline (USGCB) which affects the implementation of CM-6 and other controls such as AC-19 and CM-7. The Security Content Automation Protocol (SCAP) and the defined standards within the protocol (e.g., Common Configuration Enumeration) provide an effective method to uniquely identify, track, and control configuration settings. OMB establishes federal policy on configuration requirements for federal information systems. Related controls: AC-19, CM-2, CM-3, CM-7, SI-4. References: OMB Memoranda 07-11, 07-18, 08-22; NIST Special Publications 800-70, 800-128; Web: http://nvd.nist.gov, http://checklists.nist.gov, http://www.nsa.gov.

FedRAMP_Moderate_R4

CM-6

FedRAMP_Moderate_R4_CM-6

FedRAMP Moderate CM-6

Configuration Management

Configuration Settings

Shared

n/a

01.l

HITRUST_CSF_v11.3_01.l

HITRUST CSF v11.3 01.l

Network Access Control

Prevent unauthorized access to networked services.

Shared

Ports, services, and applications installed on a computer or network systems, which are not specifically required for business functionality, to be disabled or removed.

Physical and logical access to diagnostic and configuration ports shall be controlled.

09.j

HITRUST_CSF_v11.3_09.j

HITRUST CSF v11.3 09.j

Protection Against Malicious and Mobile Code

Ensure that integrity of information and software is protected from malicious or unauthorized code

Shared

1. Technologies are to be implemented for timely installation, upgrade and renewal of anti-malware protective measures. 2. Automatic periodic scans of information systems is to be implemented. 3. Anti-malware software that offers a centralized infrastructure that compiles information on file reputations is to be implemented. 4. Post-malicious code update, signature deployment, scanning files, email, and web traffic is to be verified by automated systems, while BYOD users require anti-malware, network-based malware detection is to be used on servers without host-based solutions use. 5. Anti-malware audit logs checks to be performed. 6. Protection against malicious code is to be based on malicious code detection and repair software, security awareness, appropriate system access, and change management controls.

Detection, prevention, and recovery controls shall be implemented to protect against malicious code, and appropriate user awareness procedures on malicious code shall be provided.

09.m

HITRUST_CSF_v11.3_09.m

HITRUST CSF v11.3 09.m

Network Security Management

Ensure the protection of information in networks and protection of the supporting network infrastructure.

Shared

1. Vendor default encryption keys, default SNMP community strings on wireless devices, default passwords/passphrases on access points, and other security-related wireless vendor defaults is to be changed prior to authorization of implementation of wireless access points. 2. Wireless encryption keys to be changed when anyone with knowledge of the keys leaves or changes. 3. All authorized and unauthorized wireless access to the information system is to be monitored and installation of wireless access points (WAP) is to be prohibited unless explicitly authorized.

Networks shall be managed and controlled in order to protect the organization from threats and to maintain security for the systems and applications using the network, including information in transit.

10.c

HITRUST_CSF_v11.3_10.c

HITRUST CSF v11.3 10.c

Correct Processing in Applications

Incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts.

Shared

Data integrity controls which manage changes, prevent sequencing errors, ensure recovery from failures, and protect against buffer overrun attacks are to be implemented.

Validation checks shall be incorporated into applications to detect any corruption of information through processing errors or deliberate acts.

New_Zealand_ISM_14.1.9.C.01

10.m

HITRUST_CSF_v11.3_10.m

HITRUST CSF v11.3 10.m

Technical Vulnerability Management

Reduce the risks resulting from exploitation of published technical vulnerabilities, technical vulnerability management shall be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness.

Shared

1. The necessary secure services, protocols required for the function of the system are to be enabled. 2. Security features to be implemented for any required services that are considered to be insecure. 3. Laptops, workstations, and servers to be configured so they will not auto-run content from removable media. 4. Configuration standards to be consistent with industry-accepted system hardening standards. 5. An enterprise security posture review within every 365 days is to be conducted. 6. Vulnerability scanning tools to be regularly updated with all relevant information system vulnerabilities.

Timely information about technical vulnerabilities of information systems being used shall be obtained; the organization’s exposure to such vulnerabilities evaluated; and appropriate measures taken to address the associated risk.

New_Zealand_ISM

14.1.9.C.01

14. Software security

14.1.9.C.01 Maintaining hardened SOEs

n/a

Agencies MUST ensure that for all servers and workstations: a technical specification is agreed for each platform with specified controls; a standard configuration created and updated for each operating system type and version; system users do not have the ability to install or disable software without approval; and installed software and operating system patching is up to date.

NIST_SP_800-171_R2_3

.4.1

NIST_SP_800-171_R2_3.4.1

NIST SP 800-171 R2 3.4.1

Configuration Management

Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.

Shared

Microsoft and the customer share responsibilities for implementing this requirement.

Baseline configurations are documented, formally reviewed, and agreed-upon specifications for systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, and changes to systems. Baseline configurations include information about system components (e.g., standard software packages installed on workstations, notebook computers, servers, network components, or mobile devices; current version numbers and update and patch information on operating systems and applications; and configuration settings and parameters), network topology, and the logical placement of those components within the system architecture. Baseline configurations of systems also reflect the current enterprise architecture. Maintaining effective baseline configurations requires creating new baselines as organizational systems change over time. Baseline configuration maintenance includes reviewing and updating the baseline configuration when changes are made based on security risks and deviations from the established baseline configuration. Organizations can implement centralized system component inventories that include components from multiple organizational systems. In such situations, organizations ensure that the resulting inventories include system-specific information required for proper component accountability (e.g., system association, system owner). Information deemed necessary for effective accountability of system components includes hardware inventory specifications, software license information, software version numbers, component owners, and for networked components or devices, machine names and network addresses. Inventory specifications include manufacturer, device type, model, serial number, and physical location. [SP 800-128] provides guidance on security-focused configuration management.

NIST_SP_800-171_R2_3

.4.2

NIST_SP_800-171_R2_3.4.2

NIST SP 800-171 R2 3.4.2

Configuration Management

Establish and enforce security configuration settings for information technology products employed in organizational systems.

Shared

Microsoft and the customer share responsibilities for implementing this requirement.

Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture or functionality of the system. Information technology products for which security-related configuration settings can be defined include mainframe computers, servers, workstations, input and output devices (e.g., scanners, copiers, and printers), network components (e.g., firewalls, routers, gateways, voice and data switches, wireless access points, network appliances, sensors), operating systems, middleware, and applications. Security parameters are those parameters impacting the security state of systems including the parameters required to satisfy other security requirements. Security parameters include: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, and remote connections. Organizations establish organization-wide configuration settings and subsequently derive specific configuration settings for systems. The established settings become part of the systems configuration baseline. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those system components to meet operational requirements. Common secure configurations can be developed by a variety of organizations including information technology product developers, manufacturers, vendors, consortia, academia, industry, federal agencies, and other organizations in the public and private sectors. [SP 800-70] and [SP 800-128] provide guidance on security configuration settings.

NIST_SP_800-53_R4

CM-6

NIST_SP_800-53_R4_CM-6

NIST SP 800-53 Rev. 4 CM-6

Configuration Management

Configuration Settings

Shared

n/a

NIST_SP_800-53_R5

CM-6

NIST_SP_800-53_R5_CM-6

NIST SP 800-53 Rev. 5 CM-6

Configuration Management

Configuration Settings

Shared

n/a

a. Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using [Assignment: organization-defined common secure configurations]; b. Implement the configuration settings; c. Identify, document, and approve any deviations from established configuration settings for [Assignment: organization-defined system components] based on [Assignment: organization-defined operational requirements]; and d. Monitor and control changes to the configuration settings in accordance with organizational policies and procedures.

NZ_ISM_v3.5

SS-3

NZ_ISM_v3.5_SS-3

NZISM Security Benchmark SS-3

Software security

14.1.9 Maintaining hardened SOEs

Customer

n/a

Whilst a SOE can be sufficiently hardened when it is deployed, its security will progressively degrade over time. Agencies can address the degradation of the security of a SOE by ensuring that patches are continually applied, system users are not able to disable or bypass security functionality and antivirus and other security software is appropriately maintained with the latest signatures and updates. End Point Agents monitor traffic and apply security policies on applications, storage interfaces and data in real-time. Administrators actively block or monitor and log policy breaches. The End Point Agent can also create forensic monitoring to facilitate incident investigation. End Point Agents can monitor user activity, such as the cut, copy, paste, print, print screen operations and copying data to external drives and other devices. The Agent can then apply policies to limit such activity.

14.1.8.C.01.

NZISM_v3.7_14.1.8.C.01.

NZISM v3.7 14.1.8.C.01.

Standard Operating Environments

14.1.8.C.01. - minimise vulnerabilities and enhance system security

Shared

n/a

Agencies SHOULD develop a hardened SOE for workstations and servers, covering: 1. removal of unneeded software and operating system components; 2. removal or disabling of unneeded services, ports and BIOS settings; 3. disabling of unused or undesired functionality in software and operating systems; 4. implementation of access controls on relevant objects to limit system users and programs to the minimum access required; 5. installation of antivirus and anti-malware software; 6. installation of software-based firewalls limiting inbound and outbound network connections; 7. configuration of either remote logging or the transfer of local event logs to a central server; and 8. protection of audit and other logs through the use of a one way pipe to reduce likelihood of compromise key transaction records.

17.8.10.C.01.

NZISM_v3.7_17.8.10.C.01.

NZISM v3.7 17.8.10.C.01.

Internet Protocol Security (IPSec)

17.8.10.C.01. - enhance overall cybersecurity posture.

Shared

n/a

Agencies SHOULD use tunnel mode for IPSec connections.

17.8.10.C.02.

NZISM_v3.7_17.8.10.C.02.

NZISM v3.7 17.8.10.C.02.

Internet Protocol Security (IPSec)

17.8.10.C.02. - enhance overall cybersecurity posture.

Shared

n/a

Agencies choosing to use transport mode SHOULD additionally use an IP tunnel for IPSec connections.

22.3.11.C.01.

NZISM_v3.7_22.3.11.C.01.

NZISM v3.7 22.3.11.C.01.

Virtual Local Area Networks

22.3.11.C.01. - ensure data security and integrity.

Shared

n/a

Unused ports on the switches MUST be disabled.

22.3.11.C.02.

NZISM_v3.7_22.3.11.C.02.

NZISM v3.7 22.3.11.C.02.

Virtual Local Area Networks

22.3.11.C.02. - ensure data security and integrity.

Shared

n/a

Unused ports on the switches SHOULD be disabled.

RMiT_v1.0

10.55

RMiT_v1.0_10.55

RMiT 10.55

Access Control

Access Control - 10.55

Shared

n/a

In observing paragraph 10.54, a financial institution should consider the following principles in its access control policy: (a) adopt a 'deny all' access control policy for users by default unless explicitly authorised; (b) employ 'least privilege' access rights or on a 'need-to-have' basis where only the minimum sufficient permissions are granted to legitimate users to perform their roles; (c) employ time-bound access rights which restrict access to a specific period including access rights granted to service providers; (d) employ segregation of incompatible functions where no single person is responsible for an entire operation that may provide the ability to independently modify, circumvent, and disable system security features. This may include a combination of functions such as: (i) system development and technology operations; (ii) security administration and system administration; and (iii) network operation and network security;" (e) employ dual control functions which require two or more persons to execute an activity; (f) adopt stronger authentication for critical activities including for remote access; (g) limit and control the use of the same user ID for multiple concurrent sessions; (h) limit and control the sharing of user ID and passwords across multiple users; and (i) control the use of generic user ID naming conventions in favour of more personally identifiable IDs.

SOC_2

CC6.8

SOC_2_CC6.8

SOC 2 Type 2 CC6.8

Logical and Physical Access Controls

Prevent or detect against unauthorized or malicious software

Shared

The customer is responsible for implementing this recommendation.

Restricts Application and Software Installation — The ability to install applications and software is restricted to authorized individuals. • Detects Unauthorized Changes to Software and Configuration Parameters — Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. • Uses a Defined Change Control Process — A management-defined change control process is used for the implementation of software. • Uses Antivirus and Anti-Malware Software — Antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware. • Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software — Procedures are in place to scan information assets that have been transferred or returned to the entity’s custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network.

SOC_2

CC8.1

SOC_2_CC8.1

SOC 2 Type 2 CC8.1

Change Management

Changes to infrastructure, data, and software

Shared

The customer is responsible for implementing this recommendation.

Manages Changes Throughout the System Life Cycle — A process for managing system changes throughout the life cycle of the system and its components (infrastructure, data, software, and procedures) is used to support system availability and processing integrity. • Authorizes Changes — A process is in place to authorize system changes prior to development. • Designs and Develops Changes — A process is in place to design and develop system changes. • Documents Changes — A process is in place to document system changes to support ongoing maintenance of the system and to support system users in performing their responsibilities. • Tracks System Changes — A process is in place to track system changes prior to implementation. • Configures Software — A process is in place to select and implement the configuration parameters used to control the functionality of software. • Tests System Changes — A process is in place to test system changes prior to implementation. • Approves System Changes — A process is in place to approve system changes prior to implementation. • Deploys System Changes — A process is in place to implement system changes. • Identifies and Evaluates System Changes — Objectives affected by system changes are identified and the ability of the modified system to meet the objectives is evaluated throughout the system development life cycle. • Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents — Changes in infrastructure, data, software, and procedures required to remediate incidents to continue to meet objectives are identified and the change process is initiated upon identification. • Creates Baseline Configuration of IT Technology — A baseline configuration of IT and control systems is created and maintained. • Provides for Changes Necessary in Emergency Situations — A process is in place for authorizing, designing, testing, approving, and implementing changes necessary in emergency situations (that is, changes that need to be implemented in an urgent time frame). Additional points of focus that apply only in an engagement using the trust services criteria for confidentiality: • Protects Confidential Information — The entity protects confidential information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to confidentiality. Additional points of focus that apply only in an engagement using the trust services criteria for privacy: • Protects Personal Information — The entity protects personal information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to privacy.

CC2.3

SOC_2023_CC2.3

SOC 2023 CC2.3

Information and Communication

Facilitate effective internal communication.

Shared

n/a

Entity to communicate with external parties regarding matters affecting the functioning of internal control.

218

CC5.3

SOC_2023_CC5.3

SOC 2023 CC5.3

Control Activities

Maintain alignment with organizational objectives and regulatory requirements.

Shared

n/a

Entity deploys control activities through policies that establish what is expected and in procedures that put policies into action by establishing Policies and Procedures to Support Deployment of Management’s Directives, Responsibility and Accountability for Executing Policies and Procedures, perform tasks in a timely manner, taking corrective actions, perform using competent personnel and reassess policies and procedures.

229

CC6.1

SOC_2023_CC6.1

SOC 2023 CC6.1

Logical and Physical Access Controls

Mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets.

Shared

n/a

Entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives by identifying and managing the inventory of information assets, restricting logical access, identification and authentication of users, consider network segmentation, manage points of access, restricting access of information assets, managing identification and authentication, managing credentials for infrastructure and software, using encryption to protect data and protect using encryption keys.

128

CC6.7

SOC_2023_CC6.7

404 not found

n/a

CC6.8

SOC_2023_CC6.8

SOC 2023 CC6.8

Logical and Physical Access Controls

Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity.

Shared

n/a

Entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.

CC7.2

SOC_2023_CC7.2

SOC 2023 CC7.2

Systems Operations

Maintain robust security measures and ensure operational resilience.

Shared

n/a

The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analysed to determine whether they represent security events.

167